How to operate virtual money digging code FacexWorm.(Photo: THE HACKER NEWS)
FacexWorm lurks as a Chrome browser extension and works by sending links via Facebook Messenger to infected account friends to redirect victims to fake websites like YouTube. Users will then receive a notification to download an extension on Chrome like a decoding program for the browser to continue playing the video.
If the user follows, FacexWorm will be installed on the machine and then it will automatically download additional components from the remote control server to execute malicious processes.
According to the researchers, the malicious code could steal users' account information when they log in to Google and pre-encrypted sites, taking advantage of the victim's CPU to dig virtual money, cash trading sessions. virtual user, .
Researchers at Trend Micro added that some of the pre-encrypted FacexWorm types include: Bitcoin (BTC), Bitcoin Gold (BTG), Bitcoin Cash (BCH), Ethereum Classic (ETC), Ripple (XRP), Dash (DASH), Ethereum (ETH), Litecoin (LTC), Zcash (ZEC), and Monero (XMR).
Currently FacexWorm has been discovered in a number of countries such as Germany, Tunisia, Japan, Taiwan, Korea and Spain, but because of the global capability of this malicious code is huge because Facebook Messenger is one of those The application is widely used around the world.
See more: